Lucene search
K

183 matches found

AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ipmi:msghandler: Fixed potential memory corruption in ipmicreateuser. The “intf” list iterator becomes an invalid pointer if the correct “intf-intfnum” is not found. Calling atomicdec&intf-nrusers with an invalid pointer will lea...

7.8CVSS6.1AI score0.00155EPSS
Exploits0References3
CVE
CVE
added 2026/01/12 2:59 p.m.19 views

CVE-2025-41078

Viafirma Documents v3.7.129 is affected by an authorization weakness that allows an authenticated, unprivileged user to enumerate and access other users’ data, use user-management features (creation, modification, deletion), and escalate privileges by impersonating other users during document gen...

8.7CVSS6.6AI score0.00205EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.12 views

PT-2026-2167

Name of the Vulnerable Software and Affected Versions GestSup versions up to and including 3.2.56 Description The application does not verify the authenticity of client requests, leading to a cross-site request forgery condition. An attacker can potentially trick a logged-in user into submitting...

8.9CVSS6.3AI score0.00213EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/12/02 12:35 a.m.7 views

Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover

Summary A privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an existing administrator account, set a new...

8.8CVSS7.1AI score0.00278EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/02 12:35 a.m.4 views

GHSA-CJCP-QXVG-4RJM Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover

Summary A privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an existing administrator account, set a new...

8.8CVSS7AI score0.00278EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/21 6:17 a.m.6 views

EUVD-2025-198420

LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request...

5.3CVSS4.7AI score0.00207EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.9 views

CVE-2023-7323

Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.4CVSS6.2AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.15 views

CVE-2020-36858

Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...

5.4CVSS6.3AI score0.00466EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 12:30 a.m.6 views

EUVD-2020-30817

Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...

5.1CVSS5.8AI score0.00466EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 10:15 p.m.6 views

CVE-2023-7323

Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.4CVSS5.9AI score0.00466EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.9 views

CVE-2023-7323

Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.4CVSS0.00466EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.4 views

CVE-2020-36858

Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...

5.4CVSS0.00466EPSS
Exploits0References2
OSV
OSV
added 2025/10/30 10:15 p.m.4 views

CVE-2020-36858

Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...

5.4CVSS5.9AI score0.00466EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 9:27 p.m.3 views

CVE-2023-7323 Nagios Log Server < 2024R1 XSS via Create User Function

Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS5.8AI score0.00466EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:27 p.m.7 views

CVE-2023-7323 Nagios Log Server < 2024R1 XSS via Create User Function

Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS0.00466EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:27 p.m.16 views

CVE-2023-7323

CVE-2023-7323 affects Nagios Log Server prior to 2024R1, with an XSS vulnerability caused by insufficient validation/escaping of user input in the Create User function. The impact is potential arbitrary script execution in a victim’s browser. Publicly disclosed details across Red Hat, EUVD, and v...

5.4CVSS5.8AI score0.00466EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:26 p.m.7 views

CVE-2020-36858 Nagios Log Server < 2.1.6 XSS via Create User, Edit User, & Manage Host Lists Pages

Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...

5.1CVSS0.00466EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:26 p.m.19 views

CVE-2020-36858

Nagios Log Server is affected by a cross-site scripting (XSS) vulnerability in versions prior to 2.1.6, exposed via the web interface on Create User, Edit User, and Manage Host Lists pages. The root cause is insufficient validation/escaping of user-supplied input, allowing an attacker to inject a...

5.4CVSS5.9AI score0.00466EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.5 views

PT-2025-44495

Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2024R1 Description Nagios Log Server versions prior to 2024R1 are susceptible to cross-site scripting XSS through the Create User function. Insufficient validation or escaping of user-supplied input could...

5.4CVSS5.9AI score0.00466EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.3 views

PT-2025-44464

Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2.1.6 Description Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS issues through the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validati...

5.4CVSS6.1AI score0.00466EPSS
Exploits0References4
Rows per page
Query Builder